CERTIFIED INFORMATION SECURITY MANAGER (CISM) COURSE OVERVIEW.
Certified Information Security Manager (CISM) training recognises that information security is first and foremost a management issue rather than a technical one. CISM defines the core competencies and international standards of performance that information security managers are expected to master, and it gives executive management assurance that those who have earned the CISM have the experience and knowledge to provide effective security management and advice. The course provides an intensive environment in which participants can acquire, thoroughly and properly, the skills and knowledge expected of a world-class information security manager, and in the process it provides excellent preparation for the CISM exam.
Course Structure
This 5-day course is structured to follow the CISM review manual and the flow of the examination. A full day is devoted to each core competency and its associated task and knowledge statements, ensuring detailed and thorough coverage of every area that will be tested. The fundamental thrust of the examination is on understanding concepts, not on memorising facts, so the course is presented interactively to ensure that the underlying concepts are understood and that examination questions can be analysed properly to arrive at the correct answer.
Course Objectives
CISM (Certified Information Security Manager) training has been independently commissioned with two objectives:
- To provide an environment in which security professionals can acquire, thoroughly and properly, the skills and knowledge expected of a world-class information security manager. Whether or not you intend to sit the CISM exam, this course is a powerful way to equip yourself with knowledge of the five core competencies that define the successful information security manager.
- To maximise your prospects in the CISM exam if you choose to sit it.
Course Outline
1. Information Security Governance and Strategy
Introduction:
Definition
Objective
Tasks
Overview
Topics:
Effective Information Security Governance
Key Information Security Concepts and Issues
The IS Manager
Scope and Charter of Information Security Governance
IS Governance Metrics
Developing an IS Strategy – Common Pitfalls
IS Strategy Objectives
Determining Current State of Security
Strategy Resources
Strategy Constraints
Action Plan Immediate Goals
Action Plan Intermediate Goals
Practice Questions; Review of Practice Questions; Reference Materials and Glossary
2. Risk Management
Introduction:
Definition
Objective
Tasks
Overview
Topics:
Effective Information Security Risk Management
Integration into Life Cycle Processes
Implementing Risk Management
Risk Identification and Analysis Methods
Mitigation Strategies and Prioritisation
Reporting Changes to Management
Practice Questions; Review of Practice Questions; Reference Materials and Glossary
3. Information Security Programme Management
Introduction:
Definition
Objective
Tasks
Overview
Topics:
Planning
Security Baselines
Business Processes
Infrastructure
Malicious Code (Malware)
Life Cycles
Impact on End Users
Accountability
Security Metrics
Managing Internal and External Resources
Practice Questions; Review of Practice Questions; Reference Materials and Glossary
4. Information Security Management
Introduction:
Definition
Objective
Tasks
Overview
Topics:
Implementing Effective Information Security Management
Security Controls and Policies
Standards and Procedures
Trading Partners and Service Providers
Security Metrics and Monitoring
The Change Management Process
Vulnerability Assessments
Due Diligence
Resolution of Non-Compliance Issues
Culture, Behavior and Security Awareness
Practice Questions; Review of Practice Questions; Reference Materials and Glossary
5. Response Management
Introduction:
Definition
Objective
Tasks
Overview
Topics:
Performing a Business Impact Analysis
Developing Response and Recovery Plans
Incident Response Processes
Executing Response and Recovery Plans
Documenting Events
Post Event Reviews
Practice Questions; Review of Practice Questions; Reference Materials and Glossary
The CISM designation is for information security professionals who have three to five years of front-line information security experience. The credential is aimed at information security managers and those who hold information security management responsibilities.